schema_init.c 111 KB
Newer Older
1
2
3
/* schema_init.c - init builtin schema */
/* $OpenLDAP$ */
/*
Kurt Zeilenga's avatar
Kurt Zeilenga committed
4
 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
5
6
7
8
9
10
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */

#include "portable.h"

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
11
#include <limits.h>
12
13

#include <ac/ctype.h>
14
#include <ac/errno.h>
15
16
17
18
19
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"
#include "ldap_pvt.h"
Pierangelo Masarati's avatar
Pierangelo Masarati committed
20
#include "lber_pvt.h"
21

22
23
#include "ldap_utf8.h"

24
25
26
27
28
29
#include "lutil_hash.h"
#define HASH_BYTES				LUTIL_HASH_BYTES
#define HASH_CONTEXT			lutil_HASH_CTX
#define HASH_Init(c)			lutil_HASHInit(c)
#define HASH_Update(c,buf,len)	lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c)			lutil_HASHFinal(d,c)
30

31
/* recycled validatation routines */
32
#define berValidate						blobValidate
33
34

/* unimplemented pretters */
35
#define integerPretty					NULL
36
37

/* recycled matching routines */
38
#define bitStringMatch					octetStringMatch
39
#define numericStringMatch				caseIgnoreIA5Match
40
#define objectIdentifierMatch			octetStringMatch
41
#define telephoneNumberMatch			caseIgnoreIA5Match
42
#define telephoneNumberSubstringsMatch	caseIgnoreIA5SubstringsMatch
43
44
#define generalizedTimeMatch			caseIgnoreIA5Match
#define generalizedTimeOrderingMatch	caseIgnoreIA5Match
45
#define uniqueMemberMatch				dnMatch
46
#define integerFirstComponentMatch		integerMatch
47

48
49
/* approx matching rules */
#define directoryStringApproxMatchOID	"1.3.6.1.4.1.4203.666.4.4"
Gary Williams's avatar
Gary Williams committed
50
51
52
#define directoryStringApproxMatch	approxMatch
#define directoryStringApproxIndexer	approxIndexer
#define directoryStringApproxFilter	approxFilter
53
#define IA5StringApproxMatchOID			"1.3.6.1.4.1.4203.666.4.5"
Gary Williams's avatar
Gary Williams committed
54
#define IA5StringApproxMatch			approxMatch
55
#define IA5StringApproxIndexer			approxIndexer
Gary Williams's avatar
Gary Williams committed
56
#define IA5StringApproxFilter			approxFilter
57

58
/* ordering matching rules */
59
60
#define caseIgnoreOrderingMatch			caseIgnoreMatch
#define caseExactOrderingMatch			caseExactMatch
61
#define integerOrderingMatch			integerMatch
62
63
#define	octetStringOrderingMatch		octetStringMatch

64
/* unimplemented matching routines */
65
66
67
68
#define caseIgnoreListMatch				NULL
#define caseIgnoreListSubstringsMatch	NULL
#define protocolInformationMatch		NULL

Kurt Zeilenga's avatar
Kurt Zeilenga committed
69
#ifdef SLAPD_ACI_ENABLED
70
#define OpenLDAPaciMatch				NULL
Kurt Zeilenga's avatar
Kurt Zeilenga committed
71
72
#endif
#ifdef SLAPD_AUTHPASSWD
73
#define authPasswordMatch				NULL
Kurt Zeilenga's avatar
Kurt Zeilenga committed
74
#endif
75
76

/* recycled indexing/filtering routines */
77
78
#define dnIndexer				caseExactIgnoreIndexer
#define dnFilter				caseExactIgnoreFilter
79
80
#define bitStringFilter			octetStringFilter
#define bitStringIndexer		octetStringIndexer
81

82
83
84
85
86
#define telephoneNumberIndexer			caseIgnoreIA5Indexer
#define telephoneNumberFilter			caseIgnoreIA5Filter
#define telephoneNumberSubstringsIndexer	caseIgnoreIA5SubstringsIndexer
#define telephoneNumberSubstringsFilter		caseIgnoreIA5SubstringsFilter

87
88
89
90
91
92
93
94
95
96
97
98
99
100
static MatchingRule *caseExactMatchingRule;
static MatchingRule *caseExactSubstringsMatchingRule;
static MatchingRule *integerFirstComponentMatchingRule;

static const struct MatchingRulePtr {
	const char   *oid;
	MatchingRule **mr;
} mr_ptr [] = {
	/* must match OIDs below */
	{ "2.5.13.5",  &caseExactMatchingRule },
	{ "2.5.13.7",  &caseExactSubstringsMatchingRule },
	{ "2.5.13.29", &integerFirstComponentMatchingRule }
};

101

102
static char *bvcasechr( struct berval *bv, unsigned char c, ber_len_t *len )
103
{
104
	ber_len_t i;
105
106
	char lower = TOLOWER( c );
	char upper = TOUPPER( c );
107
108

	if( c == 0 ) return NULL;
109
110
111
112
113
114
	
	for( i=0; i < bv->bv_len; i++ ) {
		if( upper == bv->bv_val[i] || lower == bv->bv_val[i] ) {
			*len = i;
			return &bv->bv_val[i];
		}
115
	}
116
117

	return NULL;
118
}
119

120
121
122
static int
octetStringMatch(
	int *matchp,
123
	slap_mask_t flags,
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	int match = value->bv_len - ((struct berval *) assertedValue)->bv_len;

	if( match == 0 ) {
		match = memcmp( value->bv_val,
			((struct berval *) assertedValue)->bv_val,
			value->bv_len );
	}

	*matchp = match;
	return LDAP_SUCCESS;
}

/* Index generation function */
142
int octetStringIndexer(
143
144
	slap_mask_t use,
	slap_mask_t flags,
145
146
147
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
148
149
	BerVarray values,
	BerVarray *keysp )
150
151
152
{
	int i;
	size_t slen, mlen;
153
	BerVarray keys;
154
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
155
	unsigned char	HASHdigest[HASH_BYTES];
156
	struct berval digest;
157
158
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
159

160
	for( i=0; values[i].bv_val != NULL; i++ ) {
161
162
163
		/* just count them */
	}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
164
165
166
	/* we should have at least one value at this point */
	assert( i > 0 );

167
	keys = ch_malloc( sizeof( struct berval ) * (i+1) );
168

169
170
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
171

172
	for( i=0; values[i].bv_val != NULL; i++ ) {
173
		HASH_Init( &HASHcontext );
174
		if( prefix != NULL && prefix->bv_len > 0 ) {
175
			HASH_Update( &HASHcontext,
176
177
				prefix->bv_val, prefix->bv_len );
		}
178
		HASH_Update( &HASHcontext,
179
			syntax->ssyn_oid, slen );
180
		HASH_Update( &HASHcontext,
181
			mr->smr_oid, mlen );
182
		HASH_Update( &HASHcontext,
183
			values[i].bv_val, values[i].bv_len );
184
		HASH_Final( HASHdigest, &HASHcontext );
185

186
		ber_dupbv( &keys[i], &digest );
187
188
	}

189
	keys[i].bv_val = NULL;
190
	keys[i].bv_len = 0;
191
192
193
194
195
196
197

	*keysp = keys;

	return LDAP_SUCCESS;
}

/* Index generation function */
198
int octetStringFilter(
199
200
	slap_mask_t use,
	slap_mask_t flags,
201
202
203
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
204
	void * assertedValue,
205
	BerVarray *keysp )
206
207
{
	size_t slen, mlen;
208
	BerVarray keys;
209
	HASH_CONTEXT   HASHcontext;
Gary Williams's avatar
Gary Williams committed
210
	unsigned char	HASHdigest[HASH_BYTES];
211
	struct berval *value = (struct berval *) assertedValue;
212
	struct berval digest;
213
214
	digest.bv_val = HASHdigest;
	digest.bv_len = sizeof(HASHdigest);
215

216
217
	slen = syntax->ssyn_oidlen;
	mlen = mr->smr_oidlen;
218

219
	keys = ch_malloc( sizeof( struct berval ) * 2 );
220

221
	HASH_Init( &HASHcontext );
222
	if( prefix != NULL && prefix->bv_len > 0 ) {
223
		HASH_Update( &HASHcontext,
224
225
			prefix->bv_val, prefix->bv_len );
	}
226
	HASH_Update( &HASHcontext,
227
		syntax->ssyn_oid, slen );
228
	HASH_Update( &HASHcontext,
229
		mr->smr_oid, mlen );
230
	HASH_Update( &HASHcontext,
231
		value->bv_val, value->bv_len );
232
	HASH_Final( HASHdigest, &HASHcontext );
233

234
235
	ber_dupbv( keys, &digest );
	keys[1].bv_val = NULL;
236
	keys[1].bv_len = 0;
237
238
239
240
241

	*keysp = keys;

	return LDAP_SUCCESS;
}
242

243
244
245
246
247
static int
inValidate(
	Syntax *syntax,
	struct berval *in )
{
Kurt Zeilenga's avatar
Kurt Zeilenga committed
248
249
	/* no value allowed */
	return LDAP_INVALID_SYNTAX;
250
251
}

252
static int
253
blobValidate(
254
255
256
257
	Syntax *syntax,
	struct berval *in )
{
	/* any value allowed */
258
	return LDAP_SUCCESS;
259
260
}

261
262
263
264
265
266
267
268
269
270
271
272
273
static int
bitStringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t i;

	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */
	if( in->bv_len < 3 ) {
		return LDAP_INVALID_SYNTAX;
	}
274

275
276
277
278
279
280
281
282
283
284
	/*
	 * rfc 2252 section 6.3 Bit String
	 * bitstring = "'" *binary-digit "'"
	 * binary-digit = "0" / "1"
	 * example: '0101111101'B
	 */
	
	if( in->bv_val[0] != '\'' ||
		in->bv_val[in->bv_len-2] != '\'' ||
		in->bv_val[in->bv_len-1] != 'B' )
285
286
287
288
	{
		return LDAP_INVALID_SYNTAX;
	}

289
	for( i=in->bv_len-3; i>0; i-- ) {
290
291
292
293
294
295
296
297
		if( in->bv_val[i] != '0' && in->bv_val[i] != '1' ) {
			return LDAP_INVALID_SYNTAX;
		}
	}

	return LDAP_SUCCESS;
}

298
299
300
301
static int
bitStringNormalize(
	Syntax *syntax,
	struct berval *val,
302
	struct berval *normalized )
303
304
{
	/*
305
	 * A normalized bitString is has no extaneous (leading) zero bits.
306
307
	 * That is, '00010'B is normalized to '10'B
	 * However, as a special case, '0'B requires no normalization.
308
	 */
309
310
311
312
313
314
315
316
317
318
	char *p;

	/* start at the first bit */
	p = &val->bv_val[1];

	/* Find the first non-zero bit */
	while ( *p == '0' ) p++;

	if( *p == '\'' ) {
		/* no non-zero bits */
319
		ber_str2bv( "\'0\'B", sizeof("\'0\'B") - 1, 1, normalized );
320
321
322
		goto done;
	}

323
	normalized->bv_val = ch_malloc( val->bv_len + 1 );
324

325
326
	normalized->bv_val[0] = '\'';
	normalized->bv_len = 1;
327
328

	for( ; *p != '\0'; p++ ) {
329
		normalized->bv_val[normalized->bv_len++] = *p;
330
331
	}

332
	normalized->bv_val[normalized->bv_len] = '\0';
333
334
335
336
337

done:
	return LDAP_SUCCESS;
}

338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
static int
nameUIDValidate(
	Syntax *syntax,
	struct berval *in )
{
	int rc;
	struct berval dn;

	if( in->bv_len == 0 ) return LDAP_SUCCESS;

	ber_dupbv( &dn, in );
	if( !dn.bv_val ) return LDAP_OTHER;

	if( dn.bv_val[dn.bv_len-1] == 'B'
		&& dn.bv_val[dn.bv_len-2] == '\'' )
	{
		/* assume presence of optional UID */
		ber_len_t i;

		for(i=dn.bv_len-3; i>1; i--) {
			if( dn.bv_val[i] != '0' &&	dn.bv_val[i] != '1' ) {
				break;
			}
		}
		if( dn.bv_val[i] != '\'' || dn.bv_val[i-1] != '#' ) {
			ber_memfree( dn.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		/* trim the UID to allow use of dnValidate */
		dn.bv_val[i-1] = '\0';
		dn.bv_len = i-1;
	}

	rc = dnValidate( NULL, &dn );

	ber_memfree( dn.bv_val );
	return rc;
}

static int
nameUIDNormalize(
	Syntax *syntax,
	struct berval *val,
	struct berval *normalized )
{
	struct berval out;
	int rc;

	ber_dupbv( &out, val );
	if( out.bv_len != 0 ) {
		struct berval uidin = { 0, NULL };
		struct berval uidout = { 0, NULL };

		if( out.bv_val[out.bv_len-1] == 'B'
			&& out.bv_val[out.bv_len-2] == '\'' )
		{
			/* assume presence of optional UID */
			uidin.bv_val = strrchr( out.bv_val, '#' );

			if( uidin.bv_val == NULL ) {
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}

			uidin.bv_len = out.bv_len - (uidin.bv_val - out.bv_val);
			out.bv_len -= uidin.bv_len--;

			/* temporarily trim the UID */
			*(uidin.bv_val++) = '\0';

			rc = bitStringNormalize( syntax, &uidin, &uidout );

			if( rc != LDAP_SUCCESS ) {
				free( out.bv_val );
				return LDAP_INVALID_SYNTAX;
			}
		}

#ifdef USE_DN_NORMALIZE
		rc = dnNormalize2( NULL, &out, normalized );
#else
		rc = dnPretty2( NULL, &out, normalized );
#endif

		if( rc != LDAP_SUCCESS ) {
			free( out.bv_val );
			free( uidout.bv_val );
			return LDAP_INVALID_SYNTAX;
		}

		if( uidout.bv_len ) {
			normalized->bv_val = ch_realloc( normalized->bv_val,
				normalized->bv_len + uidout.bv_len + sizeof("#") );

			/* insert the separator */
			normalized->bv_val[normalized->bv_len++] = '#';

			/* append the UID */
			AC_MEMCPY( &normalized->bv_val[normalized->bv_len],
				uidout.bv_val, uidout.bv_len );
			normalized->bv_len += uidout.bv_len;

			/* terminate */
			normalized->bv_val[normalized->bv_len] = '\0';
		}

		free( out.bv_val );
	}

	return LDAP_SUCCESS;
}

451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
/*
 * Handling boolean syntax and matching is quite rigid.
 * A more flexible approach would be to allow a variety
 * of strings to be normalized and prettied into TRUE
 * and FALSE.
 */
static int
booleanValidate(
	Syntax *syntax,
	struct berval *in )
{
	/* very unforgiving validation, requires no normalization
	 * before simplistic matching
	 */

	if( in->bv_len == 4 ) {
		if( !memcmp( in->bv_val, "TRUE", 4 ) ) {
			return LDAP_SUCCESS;
		}
	} else if( in->bv_len == 5 ) {
		if( !memcmp( in->bv_val, "FALSE", 5 ) ) {
			return LDAP_SUCCESS;
		}
	}

	return LDAP_INVALID_SYNTAX;
}

static int
booleanMatch(
	int *matchp,
482
	slap_mask_t flags,
483
484
485
486
487
488
489
490
491
492
493
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	/* simplistic matching allowed by rigid validation */
	struct berval *asserted = (struct berval *) assertedValue;
	*matchp = value->bv_len != asserted->bv_len;
	return LDAP_SUCCESS;
}

494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
/*-------------------------------------------------------------------
LDAP/X.500 string syntax / matching rules have a few oddities.  This
comment attempts to detail how slapd(8) treats them.

Summary:
  StringSyntax		X.500	LDAP	Matching
  DirectoryString	CHOICE	UTF8	i/e + ignore insignificant spaces
  PrintableString	subset	subset	i/e + ignore insignificant spaces
  NumericString		subset	subset  ignore all spaces
  IA5String			ASCII	ASCII	i/e + ignore insignificant spaces
  TeletexString		T.61	T.61	i/e + ignore insignificant spaces

  TelephoneNumber subset  subset  i + ignore all spaces and "-"

  See draft-ietf-ldapbis-strpro for details (once published).


Directory String -
  In X.500(93), a directory string can be either a PrintableString,
  a bmpString, or a UniversalString (e.g., UCS (a subset of Unicode)).
  In later versions, more CHOICEs were added.  In all cases the string
  must be non-empty.

517
  In LDAPv3, a directory string is a UTF-8 encoded UCS string.
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563

  For matching, there are both case ignore and exact rules.  Both
  also require that "insignificant" spaces be ignored.
	spaces before the first non-space are ignored;
	spaces after the last non-space are ignored;
	spaces after a space are ignored.
  Note: by these rules (and as clarified in X.520), a string of only
  spaces is to be treated as if held one space, not empty (which
  would be a syntax error).

NumericString
  In ASN.1, numeric string is just a string of digits and spaces
  and could be empty.  However, in X.500, all attribute values of
  numeric string carry a non-empty constraint.  For example:

	internationalISDNNumber ATTRIBUTE ::= {
		WITH SYNTAX InternationalISDNNumber
		EQUALITY MATCHING RULE numericStringMatch
		SUBSTRINGS MATCHING RULE numericStringSubstringsMatch
		ID id-at-internationalISDNNumber }
	InternationalISDNNumber ::=
	    NumericString (SIZE(1..ub-international-isdn-number))

  Unforunately, some assertion values are don't carry the same
  constraint (but its unclear how such an assertion could ever
  be true). In LDAP, there is one syntax (numericString) not two
  (numericString with constraint, numericString without constraint).
  This should be treated as numericString with non-empty constraint.
  Note that while someone may have no ISDN number, there are no ISDN
  numbers which are zero length.

  In matching, spaces are ignored.

PrintableString
  In ASN.1, Printable string is just a string of printable characters
  and can be empty.  In X.500, semantics much like NumericString (see
  serialNumber for a like example) excepting uses insignificant space
  handling instead of ignore all spaces.  

IA5String
  Basically same as PrintableString.  There are no examples in X.500,
  but same logic applies.  So we require them to be non-empty as
  well.

-------------------------------------------------------------------*/

564
565
566
567
568
569
570
571
572
static int
UTF8StringValidate(
	Syntax *syntax,
	struct berval *in )
{
	ber_len_t count;
	int len;
	unsigned char *u = in->bv_val;

573
574
	if( !in->bv_len ) return LDAP_INVALID_SYNTAX;

575
	for( count = in->bv_len; count > 0; count-=len, u+=len ) {
576
		/* get the length indicated by the first byte */
577
		len = LDAP_UTF8_CHARLEN2( u, len );
578

Kurt Zeilenga's avatar
Kurt Zeilenga committed
579
580
581
		/* very basic checks */
		switch( len ) {
			case 6:
582
				if( (u[5] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
583
584
585
					return LDAP_INVALID_SYNTAX;
				}
			case 5:
586
				if( (u[4] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
587
588
589
					return LDAP_INVALID_SYNTAX;
				}
			case 4:
590
				if( (u[3] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
591
592
593
					return LDAP_INVALID_SYNTAX;
				}
			case 3:
594
				if( (u[2] & 0xC0 )!= 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
595
596
597
					return LDAP_INVALID_SYNTAX;
				}
			case 2:
598
				if( (u[1] & 0xC0) != 0x80 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
599
600
601
					return LDAP_INVALID_SYNTAX;
				}
			case 1:
602
				/* CHARLEN already validated it */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
603
604
605
606
				break;
			default:
				return LDAP_INVALID_SYNTAX;
		}
607
608
609

		/* make sure len corresponds with the offset
			to the next character */
610
		if( LDAP_UTF8_OFFSET( u ) != len ) return LDAP_INVALID_SYNTAX;
611
612
	}

613
	if( count != 0 ) return LDAP_INVALID_SYNTAX;
614

615
	return LDAP_SUCCESS;
616
617
618
619
620
621
}

static int
UTF8StringNormalize(
	Syntax *syntax,
	struct berval *val,
622
	struct berval *normalized )
623
{
624
	char *p, *q, *s, *e;
625
	int len = 0;
626

Kurt Zeilenga's avatar
Kurt Zeilenga committed
627
628
629
	/* validator should have refused an empty string */
	assert( val->bv_len );

630
	p = val->bv_val;
631

632
	/* Ignore initial whitespace */
633
	/* All space is ASCII. All ASCII is 1 byte */
634
	for ( ; p < val->bv_val + val->bv_len && ASCII_SPACE( p[ 0 ] ); p++ );
635

636
	normalized->bv_len = val->bv_len - (p - val->bv_val);
Kurt Zeilenga's avatar
Kurt Zeilenga committed
637
638
639
640
641
642

	if( !normalized->bv_len ) {
		ber_mem2bv( " ", 1, 1, normalized );
		return LDAP_SUCCESS;
	}

643
644
	ber_mem2bv( p, normalized->bv_len, 1, normalized );
	e = normalized->bv_val + normalized->bv_len;
645
646
647
648

	assert( normalized->bv_val );

	p = q = normalized->bv_val;
649
	s = NULL;
650

651
	while ( p < e ) {
652
653
654
655
656
		q += len;
		if ( ASCII_SPACE( *p ) ) {
			s = q - len;
			len = 1;
			*q = *p++;
657

658
			/* Ignore the extra whitespace */
659
660
			while ( ASCII_SPACE( *p ) ) {
				p++;
661
			}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
662
		} else {
663
664
665
			len = LDAP_UTF8_COPY(q,p);
			s=NULL;
			p+=len;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
666
		}
667
668
	}

669
	assert( normalized->bv_val <= p );
670
	assert( q+len <= p );
671

672
	/* cannot start with a space */
673
	assert( !ASCII_SPACE( normalized->bv_val[0] ) );
674
675
676
677
678
679
680
681

	/*
	 * If the string ended in space, backup the pointer one
	 * position.  One is enough because the above loop collapsed
	 * all whitespace to a single space.
	 */

	if ( s != NULL ) {
Howard Chu's avatar
Howard Chu committed
682
		len = q - s;
683
		q = s;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
684
	}
685

686
	/* cannot end with a space */
687
688
689
	assert( !ASCII_SPACE( *q ) );

	q += len;
690
691
692
693

	/* null terminate */
	*q = '\0';

694
	normalized->bv_len = q - normalized->bv_val;
695

696
	return LDAP_SUCCESS;
697
698
}

699
/* Returns Unicode canonically normalized copy of a substring assertion
700
 * Skipping attribute description */
701
static SubstringsAssertion *
702
703
UTF8SubstringsassertionNormalize(
	SubstringsAssertion *sa,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
704
	unsigned casefold )
705
706
707
708
709
710
711
712
713
{
	SubstringsAssertion *nsa;
	int i;

	nsa = (SubstringsAssertion *)ch_calloc( 1, sizeof(SubstringsAssertion) );
	if( nsa == NULL ) {
		return NULL;
	}

714
	if( sa->sa_initial.bv_val != NULL ) {
715
		UTF8bvnormalize( &sa->sa_initial, &nsa->sa_initial, casefold );
716
		if( nsa->sa_initial.bv_val == NULL ) {
717
718
719
720
721
			goto err;
		}
	}

	if( sa->sa_any != NULL ) {
722
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
723
724
			/* empty */
		}
725
726
727
		nsa->sa_any = (struct berval *)
			ch_malloc( (i + 1) * sizeof(struct berval) );

728
		for( i=0; sa->sa_any[i].bv_val != NULL; i++ ) {
729
			UTF8bvnormalize( &sa->sa_any[i], &nsa->sa_any[i], 
730
				casefold );
731
			if( nsa->sa_any[i].bv_val == NULL ) {
732
733
734
				goto err;
			}
		}
735
		nsa->sa_any[i].bv_val = NULL;
736
737
	}

738
	if( sa->sa_final.bv_val != NULL ) {
739
		UTF8bvnormalize( &sa->sa_final, &nsa->sa_final, casefold );
740
		if( nsa->sa_final.bv_val == NULL ) {
741
742
743
744
745
746
747
			goto err;
		}
	}

	return nsa;

err:
Howard Chu's avatar
Howard Chu committed
748
	if ( nsa->sa_final.bv_val ) free( nsa->sa_final.bv_val );
749
	if ( nsa->sa_any ) ber_bvarray_free( nsa->sa_any );
Howard Chu's avatar
Howard Chu committed
750
	if ( nsa->sa_initial.bv_val ) free( nsa->sa_initial.bv_val );
751
752
753
754
	ch_free( nsa );
	return NULL;
}

755
#ifndef SLAPD_APPROX_OLDSINGLESTRING
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773

#if defined(SLAPD_APPROX_INITIALS)
#define SLAPD_APPROX_DELIMITER "._ "
#define SLAPD_APPROX_WORDLEN 2
#else
#define SLAPD_APPROX_DELIMITER " "
#define SLAPD_APPROX_WORDLEN 1
#endif

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
774
775
	struct berval *nval, *assertv;
	char *val, **values, **words, *c;
776
777
	int i, count, len, nextchunk=0, nextavail=0;

778
	/* Yes, this is necessary */
779
	nval = UTF8bvnormalize( value, NULL, LDAP_UTF8_APPROX );
780
	if( nval == NULL ) {
781
782
783
784
785
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
786
787
	assertv = UTF8bvnormalize( ((struct berval *)assertedValue),
		NULL, LDAP_UTF8_APPROX );
788
	if( assertv == NULL ) {
789
		ber_bvfree( nval );
790
791
792
		*matchp = 1;
		return LDAP_SUCCESS;
	}
793
794

	/* Isolate how many words there are */
795
	for ( c = nval->bv_val, count = 1; *c; c++ ) {
796
797
798
799
800
801
802
803
804
		c = strpbrk( c, SLAPD_APPROX_DELIMITER );
		if ( c == NULL ) break;
		*c = '\0';
		count++;
	}

	/* Get a phonetic copy of each word */
	words = (char **)ch_malloc( count * sizeof(char *) );
	values = (char **)ch_malloc( count * sizeof(char *) );
805
	for ( c = nval->bv_val, i = 0;  i < count; i++, c += strlen(c) + 1 ) {
806
807
808
809
		words[i] = c;
		values[i] = phonetic(c);
	}

810
	/* Work through the asserted value's words, to see if at least some
811
812
	   of the words are there, in the same order. */
	len = 0;
813
814
	while ( (ber_len_t) nextchunk < assertv->bv_len ) {
		len = strcspn( assertv->bv_val + nextchunk, SLAPD_APPROX_DELIMITER);
815
816
817
818
		if( len == 0 ) {
			nextchunk++;
			continue;
		}
819
#if defined(SLAPD_APPROX_INITIALS)
820
		else if( len == 1 ) {
821
822
			/* Single letter words need to at least match one word's initial */
			for( i=nextavail; i<count; i++ )
823
				if( !strncasecmp( assertv->bv_val + nextchunk, words[i], 1 )) {
824
					nextavail=i+1;
825
					break;
826
				}
827
828
		}
#endif
829
		else {
830
			/* Isolate the next word in the asserted value and phonetic it */
831
832
			assertv->bv_val[nextchunk+len] = '\0';
			val = phonetic( assertv->bv_val + nextchunk );
833
834
835
836
837
838
839
840

			/* See if this phonetic chunk is in the remaining words of *value */
			for( i=nextavail; i<count; i++ ){
				if( !strcmp( val, values[i] ) ){
					nextavail = i+1;
					break;
				}
			}
841
			ch_free( val );
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
		}

		/* This chunk in the asserted value was NOT within the *value. */
		if( i >= count ) {
			nextavail=-1;
			break;
		}

		/* Go on to the next word in the asserted value */
		nextchunk += len+1;
	}

	/* If some of the words were seen, call it a match */
	if( nextavail > 0 ) {
		*matchp = 0;
	}
	else {
		*matchp = 1;
	}

	/* Cleanup allocs */
863
	ber_bvfree( assertv );
864
865
866
867
868
	for( i=0; i<count; i++ ) {
		ch_free( values[i] );
	}
	ch_free( values );
	ch_free( words );
869
	ber_bvfree( nval );
870
871
872
873

	return LDAP_SUCCESS;
}

874
static int 
875
876
877
878
879
880
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
881
882
	BerVarray values,
	BerVarray *keysp )
883
{
884
	char *c;
885
	int i,j, len, wordcount, keycount=0;
886
	struct berval *newkeys;
887
	BerVarray keys=NULL;
888

889
	for( j=0; values[j].bv_val != NULL; j++ ) {
890
		struct berval val = { 0, NULL };
891
		/* Yes, this is necessary */
892
893
		UTF8bvnormalize( &values[j], &val, LDAP_UTF8_APPROX );
		assert( val.bv_val != NULL );
894

895
		/* Isolate how many words there are. There will be a key for each */
896
		for( wordcount = 0, c = val.bv_val; *c; c++) {
897
898
899
900
901
902
903
904
			len = strcspn(c, SLAPD_APPROX_DELIMITER);
			if( len >= SLAPD_APPROX_WORDLEN ) wordcount++;
			c+= len;
			if (*c == '\0') break;
			*c = '\0';
		}

		/* Allocate/increase storage to account for new keys */
905
906
		newkeys = (struct berval *)ch_malloc( (keycount + wordcount + 1) 
			* sizeof(struct berval) );
Kurt Zeilenga's avatar
Kurt Zeilenga committed
907
		AC_MEMCPY( newkeys, keys, keycount * sizeof(struct berval) );
908
909
910
911
		if( keys ) ch_free( keys );
		keys = newkeys;

		/* Get a phonetic copy of each word */
912
		for( c = val.bv_val, i = 0; i < wordcount; c += len + 1 ) {
913
914
			len = strlen( c );
			if( len < SLAPD_APPROX_WORDLEN ) continue;
915
			ber_str2bv( phonetic( c ), 0, 0, &keys[keycount] );
916
917
918
919
			keycount++;
			i++;
		}

920
		ber_memfree( val.bv_val );
921
	}
922
	keys[keycount].bv_val = NULL;
923
924
925
926
927
	*keysp = keys;

	return LDAP_SUCCESS;
}

928
static int 
929
930
931
932
933
934
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
935
	void * assertedValue,
936
	BerVarray *keysp )
937
{
938
	char *c;
939
	int i, count, len;
940
	struct berval *val;
941
	BerVarray keys;
942

943
	/* Yes, this is necessary */
944
	val = UTF8bvnormalize( ((struct berval *)assertedValue),
Kurt Zeilenga's avatar
Kurt Zeilenga committed
945
		NULL, LDAP_UTF8_APPROX );
946
	if( val == NULL || val->bv_val == NULL ) {
947
948
		keys = (struct berval *)ch_malloc( sizeof(struct berval) );
		keys[0].bv_val = NULL;
949
		*keysp = keys;
950
		ber_bvfree( val );
951
952
953
		return LDAP_SUCCESS;
	}

954
	/* Isolate how many words there are. There will be a key for each */
955
	for( count = 0,c = val->bv_val; *c; c++) {
956
957
958
959
960
961
962
963
		len = strcspn(c, SLAPD_APPROX_DELIMITER);
		if( len >= SLAPD_APPROX_WORDLEN ) count++;
		c+= len;
		if (*c == '\0') break;
		*c = '\0';
	}

	/* Allocate storage for new keys */
964
	keys = (struct berval *)ch_malloc( (count + 1) * sizeof(struct berval) );
965
966

	/* Get a phonetic copy of each word */
967
	for( c = val->bv_val, i = 0; i < count; c += len + 1 ) {
968
969
		len = strlen(c);
		if( len < SLAPD_APPROX_WORDLEN ) continue;
970
		ber_str2bv( phonetic( c ), 0, 0, &keys[i] );
971
972
973
		i++;
	}

974
	ber_bvfree( val );
975

976
	keys[count].bv_val = NULL;
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
	*keysp = keys;

	return LDAP_SUCCESS;
}


#else
/* No other form of Approximate Matching is defined */

static int
approxMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	char *vapprox, *avapprox;
996
	char *s, *t;
997

998
	/* Yes, this is necessary */
999
	s = UTF8normalize( value, UTF8_NOCASEFOLD );
1000
1001
1002
1003
1004
1005
	if( s == NULL ) {
		*matchp = 1;
		return LDAP_SUCCESS;
	}

	/* Yes, this is necessary */
1006
	t = UTF8normalize( ((struct berval *)assertedValue),
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
			   UTF8_NOCASEFOLD );
	if( t == NULL ) {
		free( s );
		*matchp = -1;
		return LDAP_SUCCESS;
	}

	vapprox = phonetic( strip8bitChars( s ) );
	avapprox = phonetic( strip8bitChars( t ) );

	free( s );
	free( t );
1019
1020
1021
1022
1023
1024
1025
1026
1027

	*matchp = strcmp( vapprox, avapprox );

	ch_free( vapprox );
	ch_free( avapprox );

	return LDAP_SUCCESS;
}

1028
static int 
1029
1030
1031
1032
1033
1034
approxIndexer(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1035
1036
	BerVarray values,
	BerVarray *keysp )
1037
1038
{
	int i;
1039
	BerVarray *keys;
1040
	char *s;
1041

1042
	for( i=0; values[i].bv_val != NULL; i++ ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1043
		/* empty - just count them */
1044
	}
Kurt Zeilenga's avatar
Kurt Zeilenga committed
1045
1046

	/* we should have at least one value at this point */
1047
1048
	assert( i > 0 );

1049
	keys = (struct berval *)ch_malloc( sizeof( struct berval ) * (i+1) );
1050
1051

	/* Copy each value and run it through phonetic() */
1052
	for( i=0; values[i].bv_val != NULL; i++ ) {
1053
		/* Yes, this is necessary */
1054
		s = UTF8normalize( &values[i], UTF8_NOCASEFOLD );
1055
1056

		/* strip 8-bit chars and run through phonetic() */
1057
		ber_str2bv( phonetic( strip8bitChars( s ) ), 0, 0, &keys[i] );
1058
		free( s );
1059
	}
1060
	keys[i].bv_val = NULL;
1061
1062
1063
1064
1065
1066

	*keysp = keys;
	return LDAP_SUCCESS;
}


1067
static int 
1068
1069
1070
1071
1072
1073
approxFilter(
	slap_mask_t use,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *prefix,
1074
	void * assertedValue,
1075
	BerVarray *keysp )
1076
{
1077
	BerVarray keys;
1078
	char *s;
1079

1080
	keys = (struct berval *)ch_malloc( sizeof( struct berval * ) * 2 );
1081

1082
	/* Yes, this is necessary */
1083
	s = UTF8normalize( ((struct berval *)assertedValue),
1084
1085
1086
1087
1088
1089
1090
1091
1092
			     UTF8_NOCASEFOLD );
	if( s == NULL ) {
		keys[0] = NULL;
	} else {
		/* strip 8-bit chars and run through phonetic() */
		keys[0] = ber_bvstr( phonetic( strip8bitChars( s ) ) );
		free( s );
		keys[1] = NULL;
	}
1093
1094
1095
1096
1097
1098
1099

	*keysp = keys;
	return LDAP_SUCCESS;
}
#endif


1100
static int
1101
caseExactMatch(
1102
	int *matchp,
1103
	slap_mask_t flags,
1104
1105
1106
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
1107
	void *assertedValue )